Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed

From: Andrew Cooper
Date: Thu Apr 11 2024 - 06:06:46 EST

Next message: Greg Kroah-Hartman: "[PATCH 6.8 000/143] 6.8.6-rc1 review"
Previous message: Fabio Aiuto: "[PATCH v2 1/1] regulator: pca9450: make warm reset on PMIC_RST_B assertion"
In reply to: tip-bot2 for Josh Poimboeuf: "[tip: x86/urgent] x86/bugs: Only harden syscalls when needed"
Next in thread: Josh Poimboeuf: "Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/04/2024 6:40 am, Josh Poimboeuf wrote:
> diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
> index 6de50b80702e..80d432d2fe44 100644
> --- a/arch/x86/entry/common.c
> +++ b/arch/x86/entry/common.c
> @@ -39,6 +39,28 @@
>
> #ifdef CONFIG_X86_64
>
> +/*
> + * Do either a direct or an indirect call, depending on whether indirect calls
> + * are considered safe.
> + */
> +#define __do_syscall(table, func_direct, nr, regs) \
> +({ \
> + unsigned long __rax, __rdi, __rsi; \
> + \
> + asm_inline volatile( \
> + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \
> + ANNOTATE_RETPOLINE_SAFE \
> + "call *%[func_ptr]\n\t", \

This wants to be a plain maybe-thunk'd indirect call, and without the
ANNOTATE_RETPOLINE_SAFE.

Or you're going to get into cases where some combinations of command
line options do unexpected things e.g. retpolining everything except the
syscall dispatch.

~Andrew

Next message: Greg Kroah-Hartman: "[PATCH 6.8 000/143] 6.8.6-rc1 review"
Previous message: Fabio Aiuto: "[PATCH v2 1/1] regulator: pca9450: make warm reset on PMIC_RST_B assertion"
In reply to: tip-bot2 for Josh Poimboeuf: "[tip: x86/urgent] x86/bugs: Only harden syscalls when needed"
Next in thread: Josh Poimboeuf: "Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]